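#!/bin/bash
# Bring the base image up to date, then install the SSH server and the
# Google Cloud SDK.
#
# apt-get is used instead of apt because apt's command-line interface is not
# meant for scripts. DEBIAN_FRONTEND=noninteractive keeps package
# configuration prompts from blocking an unattended run, and --with-new-pkgs
# keeps the behaviour of "apt upgrade", which may install new dependencies.
sudo apt-get update \
  && sudo DEBIAN_FRONTEND=noninteractive apt-get upgrade -y --with-new-pkgs
# Kept as two separate installs so that a failure of one package does not
# prevent the other from being installed.
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y openssh-server
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y google-cloud-sdk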
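# Account names and bucket name used by the rest of the script.
# NOTE(review): the lowercase brace-style references below look like values
# filled in by a templating step or by the calling environment -- confirm
# where they come from. They are quoted so that a value containing spaces
# cannot be split into a separate command.
USERNAME_GA4="ga4-importer"
USERNAME_SFTP="${username_sftp}"
GCS_BUCKET="${gcs_bucket}"

# The SFTP username is later written into file paths and into "Match User"
# lines of sshd_config. An empty value, or one containing whitespace or "/",
# would produce a broken sshd configuration or touch unintended paths, so
# stop before anything is changed.
case "$USERNAME_SFTP" in
  '' | *[[:space:]/]*)
    echo "startup.sh: SFTP username is empty or contains whitespace or '/'" >&2
    exit 1
    ;;
esac

# An empty bucket name makes the later gcsfuse mount fail, in which case
# uploads would land on the local disk instead of the bucket. Warn loudly but
# keep going, as the original script did.
if [ -z "$GCS_BUCKET" ]; then
  echo "startup.sh: warning: GCS bucket name is empty; the mount will fail" >&2
fi

# Add users without passwords (key-based login only). Skip accounts that
# already exist so a re-run does not report spurious adduser errors.
id -u "$USERNAME_GA4" > /dev/null 2>&1 \
  || sudo adduser --comment "" --disabled-password "$USERNAME_GA4"
id -u "$USERNAME_SFTP" > /dev/null 2>&1 \
  || sudo adduser --comment "" --disabled-password "$USERNAME_SFTP"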
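#######################################
# Authorize one public key for one local account.
# Creates the account's .ssh directory if needed, appends the key to
# authorized_keys unless that exact line is already present, and sets the
# ownership and modes sshd expects (700 on .ssh, 600 on authorized_keys).
# Assumes the key value is a single line; a multi-line value is treated as
# "present" as soon as any one of its lines is found.
# Arguments: $1 - account name (a group of the same name must exist)
#            $2 - public key line to authorize
#######################################
authorize_key() {
  local user=$1
  local key=$2
  local ssh_dir="/home/$user/.ssh"
  local keys_file="$ssh_dir/authorized_keys"

  # sudo here matches every other privileged step; the original plain mkdir
  # only worked when the whole script already ran as root.
  sudo mkdir -p "$ssh_dir"

  # Append only when missing, so running the script again (for example on
  # every boot) does not pile up duplicate entries.
  if ! sudo grep -qxF -- "$key" "$keys_file" 2> /dev/null; then
    printf '%s\n' "$key" | sudo tee -a "$keys_file" > /dev/null
  fi

  sudo chown "$user":"$user" "$ssh_dir" "$keys_file"
  sudo chmod 700 "$ssh_dir"
  sudo chmod 600 "$keys_file"
}

# Authorize public keys for the GA4 user and for the SFTP user
authorize_key "$USERNAME_GA4" "${public_key_ga4}"
authorize_key "$USERNAME_SFTP" "${public_key_sftp}"

# NOTE(review): the original ran this chmod on the SFTP user's home twice,
# once inside the GA4 section, which looks like a copy/paste slip. The GA4
# home is deliberately left at the adduser default rather than widened:
# sshd's StrictModes check only requires that the home directory is not
# writable by group or others. Confirm whether 755 is needed here at all.
sudo chmod 755 /home/"$USERNAME_SFTP"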
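# Set up the SFTP chroot and the upload directory inside it.
# sshd refuses a ChrootDirectory that is not owned by root or that is
# writable by group/others, so pin /var/sftp explicitly instead of relying on
# the umask in effect when mkdir runs.
sudo mkdir -p /var/sftp/uploads
sudo chown root:root /var/sftp
sudo chmod 755 /var/sftp
sudo chown "$USERNAME_SFTP:$USERNAME_SFTP" /var/sftp/uploads
sudo chmod 775 /var/sftp/uploads

# Install gcsfuse to mount the Google Cloud Storage (GCS) bucket.
# apt-key is deprecated and adds the key to the global trust store, where it
# is trusted for every repository. Store the key in its own keyring and bind
# it to this one repository with signed-by instead.
export GCSFUSE_REPO="gcsfuse-$(lsb_release -c -s)"
GCSFUSE_KEYRING=/usr/share/keyrings/cloud.google.asc
# curl -f turns an HTTP error into a failure, so an error page is never
# written out as if it were a signing key.
if gcsfuse_key=$(curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg); then
  printf '%s\n' "$gcsfuse_key" | sudo tee "$GCSFUSE_KEYRING" > /dev/null
else
  echo "startup.sh: could not download the Google Cloud apt signing key" >&2
fi
echo "deb [signed-by=$GCSFUSE_KEYRING] https://packages.cloud.google.com/apt $GCSFUSE_REPO main" | sudo tee /etc/apt/sources.list.d/gcsfuse.list
sudo apt-get update -y
sudo apt-get install -y fuse gcsfuse

# Mount the GCS bucket directly to the uploads folder.
# Once mounted, the ownership and modes seen under /var/sftp/uploads come
# from the gcsfuse options, not from the chown/chmod above.
# NOTE(review): file-mode/dir-mode 777 together with allow_other makes every
# object in the bucket readable, writable and executable by every local
# account. Confirm whether tighter modes combined with gcsfuse's uid/gid
# options would still let both SFTP accounts work.
if ! mountpoint -q /var/sftp/uploads; then
  sudo gcsfuse -o allow_other -file-mode=777 -dir-mode=777 "$GCS_BUCKET" /var/sftp/uploads
fi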
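# Ensure PubkeyAuthentication and AuthorizedKeysFile are set in sshd_config.
# Each sed replaces any existing (commented or uncommented) line for the
# directive with the wanted value.
sudo sed -i '/^#*PubkeyAuthentication/c\PubkeyAuthentication yes' /etc/ssh/sshd_config
sudo sed -i '/^#*AuthorizedKeysFile/c\AuthorizedKeysFile .ssh/authorized_keys' /etc/ssh/sshd_config

# Configure SSH server for SFTP.
# Append the block only once. On a second run the two global algorithm lines
# would land after the last "Match User" section; HostKeyAlgorithms is not
# among the keywords sshd accepts inside a Match block, so sshd would then
# reject the whole file. The first comment line of the block doubles as the
# "already applied" marker.
#
# NOTE(review): "+ssh-rsa" re-enables RSA signatures with SHA-1 for every
# connection, not only for the GA4 importer. Consider moving the public-key
# algorithm setting into the GA4 Match block so the other account keeps the
# server defaults, and confirm the host-key setting is still required.
if ! sudo grep -qF "# Update compatibility for GA4's SSH types" /etc/ssh/sshd_config; then
  sudo tee -a /etc/ssh/sshd_config > /dev/null <<EOT
# Update compatibility for GA4's SSH types
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
# User settings
Match User $USERNAME_GA4
ForceCommand internal-sftp
PasswordAuthentication no
ChrootDirectory /var/sftp
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
Match User $USERNAME_SFTP
ForceCommand internal-sftp
PasswordAuthentication no
ChrootDirectory /var/sftp
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
EOT
fi

# Restart SSH service to apply changes, but only after the configuration has
# passed sshd's own syntax check. Restarting with a broken file can leave the
# machine without a working SSH daemon.
if sudo sshd -t; then
  sudo service ssh restart
else
  echo "startup.sh: sshd_config failed validation; ssh was not restarted" >&2
  exit 1
fi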